Who are the ShadowBrokers?

The WannaCry ransomware strain was created by amateurs who copied and pasted security vulnerabilities from a famous hacker group. It’s no longer a threat if you have updated your computer, but as evidenced by a recent announcement, the hacker group will continue to release dangerous security exploits for anyone to use.

Who are the ShadowBrokers?

There are several theories about who the members of this hacker group are -- from National Security Agency (NSA) employees to Russian operatives -- but all these theories are based on unreliable information. All we know for sure is that the ShadowBrokers are using social media to sell a seemingly endless trove of cybersecurity secrets.

What are they selling?

The ShadowBrokers’ first auction was in August of 2016, promising in broken English that the highest bidder would receive security vulnerabilities on par with government cyber weapons. Over the year that followed, the ShadowBrokers used auctions, crowdfunding, and direct sales to release vulnerabilities that all seemed to come from the NSA.

In April of 2017, the fifth release went public and was characterized by one security expert as “the most damaging thing I've seen in the last several years.” It included the ETERNALBLUE Windows vulnerability that allowed WannaCry to infect over 300,000 computers in a single day.

The September 2017 release

In a recent announcement, the ShadowBrokers announced a subscription service that will include access to bi-monthly security exploit releases. The first package included an NSA exploit named UNITEDRAKE, which allows hackers to remotely monitor or control a computer running any of the following versions of Microsoft’s operating system:

Windows XP

Windows Vista

Windows Server 2003/2008/2012

Windows 7 (if no updates have been installed)

Windows 8

The UNITEDRAKE exploit can secretly record audio from your microphone, video from your webcam and anything that is typed while you are logged in. It can also remove itself from the target computer leaving no signs of a breach.

How to protect yourself from ShadowBrokers releases

To date, all the known NSA security exploits and ShadowBrokers releases have targeted older and outdated versions of software. The best thing you can do to protect your computers is keep your operating systems and software applications patched with the most recent vendor updates.

Advanced network monitoring can detect suspicious activity, but that requires a significant amount of time and IT expertise. Small- and medium-sized businesses usually don’t have the resources to handle 24x7 network supervision, but our team can help.

If you need help securing your business and its information from cyber threats, give us a call today.